A flaw was found in libvirt in version 4.1.0 and earlier. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

A vulnerability was found in libvirt >= 4.1.0 in the virtlockd-admin.socket and virtlogd-admin.socket systemd units. A missing SocketMode configuration parameter allows any user on the host to connect using virtlockd-admin-sock or virtlogd-admin-sock and perform administrative tasks against the virtlockd and virtlogd daemons.

The three patches above, provided by Daniel Berrange, address the issue in multiple layers: the first adds client verification (as is already performed for libvirt-* sockets), preventing other users from accessing the socket. The others restrict the mode of these sockets to 0600, reinforcing the protection with filesystem security.

These sockets enabled if any guest VMs have been started on the host. The impact of this vulnerability is that any local user can send administrative commands, which could result in denial of service against the libvirt service, any guests managed against it, and directing logs to any location on the host filesystem. This last vector could lead to denial of service against other processes, or potentially even privilege escalation.